Garmin Satnav Forensic Methods and Artefacts: An Exploratory Study

Arbelet, A. (2014). Garmin Satnav Forensic Methods and Artefacts: An Exploratory Study (MSc ASDF Dissertation). Edinburgh Napier University (Macfarlane, R., Buchanan, W.).


ISBN:
ISSN:

Abstract

Over ten years ago, major changes in the Global Positioning System (GPS) technology led to its explosion in popularity. GPS devices are now ubiquitous, escorting their users everywhere they go, and potentially recording the entirety of their whereabouts. As such, they represent invaluable assets to forensic practitioners. Amongst the different brands, Garmin and Tom-Tom are by far the most widespread, and are regularly encountered as part of investigations.
GPS forensics is a relatively new field of study, in which tools and methodologies are very reliant upon the device itself. Whereas several tools and methodologies have been developed to address Tom-Tom devices, the lack of knowledge concerning Garmin devices may lead to investigators missing evidence.
This thesis aims to explore forensic methods applicable to Garmin devices, and highlight locational artefacts located on them, which may be of use in a digital investigation. To do so, three series of experiments have been designed and performed, intending to document the behaviour of the device, the methods to acquire and analyse its content efficiently, and the reliability of the data recovered.
This thesis shows successful acquisition of data from a range of Garmin devices. It also demonstrates that various forensic artefacts can be recovered from Garmin devices, with the results compared to similar research into Tom-Tom GPS devices. This highlights that Garmin devices potentially have a greater forensic potential than Tom-Tom devices, as it was found they typically hold up to 6 month of their user’s daily locations, regardless of whether the navigation was in use or not. Using carving techniques and file signatures discovered through the project, this thesis shows how to recover further location tracking data from unallocated clusters. However, it also highlights that such information should be considered carefully, since the work also demonstrates that the data can be manipulated using anti-forensic techniques.
[Read More]

Authors

Alexandre Arbelet
Researcher
A.Arbelet@napier.ac.uk
+44 131 455

Areas of Expertise

Cyber-Security
Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.